npm - payment-kit - Versions diffs - 1.29.1 → 1.29.2 - Mend

payment-kit 1.29.1 → 1.29.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (310) hide show

package/api/dev.ts +41 -2
package/api/hono.d.ts +42 -0
package/api/node-sqlite.d.ts +12 -0
package/api/src/bootstrap.ts +36 -0
package/api/src/crons/base.ts +3 -3
package/api/src/crons/currency.ts +1 -1
package/api/src/crons/index.ts +27 -24
package/api/src/crons/metering-subscription-detection.ts +1 -1
package/api/src/crons/overdue-detection.ts +2 -2
package/api/src/crons/retry-pending-events.ts +6 -0
package/api/src/index.ts +22 -161
package/api/src/integrations/app-store/client.ts +3 -4
package/api/src/integrations/app-store/handlers/subscription.ts +7 -7
package/api/src/integrations/app-store/signed-data-verifier.ts +3 -2
package/api/src/integrations/arcblock/token.ts +21 -7
package/api/src/integrations/google-play/handlers/subscription.ts +6 -6
package/api/src/integrations/google-play/handlers/voided.ts +2 -2
package/api/src/integrations/google-play/verify.ts +3 -2
package/api/src/integrations/iap-reconcile.ts +3 -5
package/api/src/integrations/stripe/handlers/invoice.ts +2 -2
package/api/src/integrations/stripe/handlers/subscription.ts +3 -3
package/api/src/libs/archive/query.ts +19 -0
package/api/src/libs/audit.ts +61 -4
package/api/src/libs/auth.ts +99 -38
package/api/src/libs/context.ts +78 -1
package/api/src/libs/currency.ts +2 -2
package/api/src/libs/dayjs.ts +8 -2
package/api/src/libs/drivers/auth-storage.ts +118 -0
package/api/src/libs/drivers/cron.ts +264 -0
package/api/src/libs/drivers/db.ts +170 -0
package/api/src/libs/drivers/identity.ts +81 -0
package/api/src/libs/drivers/index.ts +40 -0
package/api/src/libs/drivers/locks.ts +226 -0
package/api/src/libs/drivers/migrate-runner.ts +70 -0
package/api/src/libs/drivers/queue.ts +104 -0
package/api/src/libs/drivers/secrets.ts +194 -0
package/api/src/libs/env.ts +170 -54
package/api/src/libs/exchange-rate/service.ts +7 -6
package/api/src/libs/http-fetch-adapter.ts +50 -0
package/api/src/libs/invoice.ts +1 -1
package/api/src/libs/lock.ts +51 -47
package/api/src/libs/logger.ts +48 -8
package/api/src/libs/notification/index.ts +1 -1
package/api/src/libs/notification/template/customer-credit-low-balance.ts +2 -1
package/api/src/libs/notification/template/customer-revenue-succeeded.ts +1 -1
package/api/src/libs/notification/template/customer-reward-succeeded.ts +1 -1
package/api/src/libs/overdraft-protection.ts +1 -1
package/api/src/libs/payout.ts +1 -1
package/api/src/libs/queue/index.ts +259 -52
package/api/src/libs/queue/runtime.ts +175 -0
package/api/src/libs/resource.ts +3 -3
package/api/src/libs/secrets.ts +38 -0
package/api/src/libs/session.ts +3 -2
package/api/src/libs/subscription.ts +5 -5
package/api/src/libs/tenant.ts +92 -0
package/api/src/libs/url.ts +3 -3
package/api/src/libs/util.ts +21 -13
package/api/src/middlewares/hono/cdn.ts +63 -0
package/api/src/middlewares/hono/context.ts +73 -0
package/api/src/middlewares/hono/csrf.ts +72 -0
package/api/src/middlewares/hono/fallback.ts +194 -0
package/api/src/middlewares/hono/pipeline.ts +73 -0
package/api/src/middlewares/hono/resource-mount.ts +42 -0
package/api/src/middlewares/hono/resource.ts +63 -0
package/api/src/middlewares/hono/security.ts +214 -0
package/api/src/middlewares/hono/session.ts +114 -0
package/api/src/middlewares/hono/xss.ts +61 -0
package/api/src/queues/auto-recharge.ts +12 -10
package/api/src/queues/checkout-session.ts +17 -12
package/api/src/queues/credit-consume.ts +40 -36
package/api/src/queues/credit-grant.ts +25 -18
package/api/src/queues/credit-reconciliation.ts +7 -5
package/api/src/queues/discount-status.ts +9 -6
package/api/src/queues/event.ts +12 -4
package/api/src/queues/exchange-rate-health.ts +49 -30
package/api/src/queues/invoice.ts +18 -15
package/api/src/queues/notification.ts +14 -7
package/api/src/queues/payment.ts +41 -28
package/api/src/queues/payout.ts +9 -5
package/api/src/queues/refund.ts +18 -12
package/api/src/queues/subscription.ts +83 -53
package/api/src/queues/token-transfer.ts +15 -10
package/api/src/queues/usage-record.ts +8 -5
package/api/src/queues/vendors/commission.ts +7 -5
package/api/src/queues/vendors/fulfillment-coordinator.ts +17 -13
package/api/src/queues/vendors/fulfillment.ts +4 -2
package/api/src/queues/vendors/return-processor.ts +5 -3
package/api/src/queues/vendors/return-scanner.ts +5 -4
package/api/src/queues/vendors/status-check.ts +10 -7
package/api/src/queues/webhook.ts +60 -32
package/api/src/routes/connect/shared.ts +1 -2
package/api/src/routes/connect/subscribe.ts +3 -3
package/api/src/routes/{archive.ts → hono/archive.ts} +69 -64
package/api/src/routes/{auto-recharge-configs.ts → hono/auto-recharge-configs.ts} +39 -28
package/api/src/routes/{checkout-sessions.ts → hono/checkout-sessions.ts} +790 -923
package/api/src/routes/{coupons.ts → hono/coupons.ts} +93 -76
package/api/src/routes/{credit-grants.ts → hono/credit-grants.ts} +140 -126
package/api/src/routes/hono/credit-tokens.ts +43 -0
package/api/src/routes/{credit-transactions.ts → hono/credit-transactions.ts} +37 -29
package/api/src/routes/{customers.ts → hono/customers.ts} +193 -223
package/api/src/routes/{donations.ts → hono/donations.ts} +41 -32
package/api/src/routes/{entitlements.ts → hono/entitlements.ts} +28 -25
package/api/src/routes/{events.ts → hono/events.ts} +107 -71
package/api/src/routes/{exchange-rate-providers.ts → hono/exchange-rate-providers.ts} +138 -126
package/api/src/routes/hono/exchange-rates.ts +77 -0
package/api/src/routes/hono/index.ts +115 -0
package/api/src/routes/{integrations → hono/integrations}/app-store.ts +68 -48
package/api/src/routes/{integrations → hono/integrations}/google-play.ts +78 -58
package/api/src/routes/hono/integrations/stripe.ts +74 -0
package/api/src/routes/{invoices.ts → hono/invoices.ts} +253 -244
package/api/src/routes/{meter-events.ts → hono/meter-events.ts} +120 -110
package/api/src/routes/hono/meters.ts +288 -0
package/api/src/routes/hono/passports.ts +73 -0
package/api/src/routes/{payment-currencies.ts → hono/payment-currencies.ts} +219 -197
package/api/src/routes/{payment-intents.ts → hono/payment-intents.ts} +136 -132
package/api/src/routes/{payment-links.ts → hono/payment-links.ts} +145 -128
package/api/src/routes/{payment-methods.ts → hono/payment-methods.ts} +125 -93
package/api/src/routes/{payment-stats.ts → hono/payment-stats.ts} +30 -25
package/api/src/routes/{payouts.ts → hono/payouts.ts} +55 -47
package/api/src/routes/{prices.ts → hono/prices.ts} +265 -242
package/api/src/routes/{pricing-table.ts → hono/pricing-table.ts} +94 -87
package/api/src/routes/{products.ts → hono/products.ts} +172 -159
package/api/src/routes/{promotion-codes.ts → hono/promotion-codes.ts} +207 -185
package/api/src/routes/hono/redirect.ts +24 -0
package/api/src/routes/{refunds.ts → hono/refunds.ts} +96 -80
package/api/src/routes/{settings.ts → hono/settings.ts} +64 -55
package/api/src/routes/{subscription-items.ts → hono/subscription-items.ts} +64 -57
package/api/src/routes/{subscriptions.ts → hono/subscriptions.ts} +475 -528
package/api/src/routes/{tax-rates.ts → hono/tax-rates.ts} +71 -70
package/api/src/routes/hono/tool.ts +69 -0
package/api/src/routes/{usage-records.ts → hono/usage-records.ts} +47 -42
package/api/src/routes/{vendor.ts → hono/vendor.ts} +315 -167
package/api/src/routes/{webhook-attempts.ts → hono/webhook-attempts.ts} +17 -13
package/api/src/routes/hono/webhook-endpoints.ts +126 -0
package/api/src/service.ts +667 -0
package/api/src/store/migrations/20230911-seeding.ts +2 -1
package/api/src/store/migrations/20260609-remove-did-space-jobs.ts +23 -0
package/api/src/store/migrations/20260610-tenant-columns.ts +40 -0
package/api/src/store/migrations/20260611-tenant-backfill.ts +33 -0
package/api/src/store/models/auto-recharge-config.ts +22 -10
package/api/src/store/models/checkout-session.ts +15 -14
package/api/src/store/models/coupon.ts +29 -20
package/api/src/store/models/credit-grant.ts +38 -29
package/api/src/store/models/credit-transaction.ts +32 -21
package/api/src/store/models/customer.ts +19 -17
package/api/src/store/models/discount.ts +11 -2
package/api/src/store/models/entitlement-grant.ts +21 -9
package/api/src/store/models/entitlement-product.ts +21 -9
package/api/src/store/models/entitlement.ts +19 -10
package/api/src/store/models/event.ts +18 -9
package/api/src/store/models/exchange-rate-provider.ts +17 -4
package/api/src/store/models/invoice-item.ts +18 -9
package/api/src/store/models/invoice.ts +16 -8
package/api/src/store/models/meter-event.ts +27 -9
package/api/src/store/models/meter.ts +31 -22
package/api/src/store/models/payment-currency.ts +25 -8
package/api/src/store/models/payment-intent.ts +15 -6
package/api/src/store/models/payment-link.ts +15 -6
package/api/src/store/models/payment-method.ts +38 -22
package/api/src/store/models/payment-stat.ts +18 -9
package/api/src/store/models/payout.ts +15 -6
package/api/src/store/models/price-quote.ts +17 -8
package/api/src/store/models/price.ts +24 -12
package/api/src/store/models/pricing-table.ts +29 -20
package/api/src/store/models/product-vendor.ts +20 -10
package/api/src/store/models/product.ts +15 -6
package/api/src/store/models/promotion-code.ts +14 -6
package/api/src/store/models/refund.ts +15 -6
package/api/src/store/models/revenue-snapshot.ts +21 -9
package/api/src/store/models/setting.ts +18 -9
package/api/src/store/models/setup-intent.ts +36 -27
package/api/src/store/models/subscription-item.ts +21 -9
package/api/src/store/models/subscription-schedule.ts +21 -9
package/api/src/store/models/subscription.ts +21 -10
package/api/src/store/models/tax-rate.ts +29 -21
package/api/src/store/models/usage-record.ts +11 -2
package/api/src/store/models/webhook-attempt.ts +18 -9
package/api/src/store/models/webhook-endpoint.ts +18 -9
package/api/src/store/scoped-core.ts +55 -0
package/api/src/store/scoped.ts +247 -0
package/api/src/store/sequelize.ts +66 -22
package/api/src/store/sql-migrations.ts +20 -0
package/api/src/store/tenant-backfill.ts +260 -0
package/api/src/store/tenant-model.ts +124 -0
package/api/src/store/tenant-tables.ts +50 -0
package/api/tests/embedded/embedded-multi-mode-d3.spec.ts +257 -0
package/api/tests/fixtures/bare-query-violation.ts +13 -0
package/api/tests/fixtures/core-env-violation.ts +10 -0
package/api/tests/fixtures/host-read-violation.ts +19 -0
package/api/tests/fixtures/tenants.ts +4 -0
package/api/tests/integrations/iap-tenant.spec.ts +284 -0
package/api/tests/libs/archive-query.spec.ts +26 -0
package/api/tests/libs/audit-tenant.spec.ts +153 -0
package/api/tests/libs/context.spec.ts +204 -0
package/api/tests/libs/core-config.spec.ts +115 -0
package/api/tests/libs/cron-driver-d2.spec.ts +237 -0
package/api/tests/libs/crons-conservation-d2.spec.ts +52 -0
package/api/tests/libs/lock-tenant.spec.ts +66 -0
package/api/tests/libs/scoped.spec.ts +222 -0
package/api/tests/libs/secrets-facade.spec.ts +52 -0
package/api/tests/libs/tenancy-slot-authority.spec.ts +209 -0
package/api/tests/libs/tenant-middleware.spec.ts +42 -0
package/api/tests/libs/tenant-scanner.spec.ts +120 -0
package/api/tests/middlewares/hono/cdn.spec.ts +70 -0
package/api/tests/middlewares/hono/context.spec.ts +113 -0
package/api/tests/middlewares/hono/csrf.spec.ts +136 -0
package/api/tests/middlewares/hono/fallback.spec.ts +67 -0
package/api/tests/middlewares/hono/pipeline.spec.ts +47 -0
package/api/tests/middlewares/hono/security.spec.ts +181 -0
package/api/tests/middlewares/hono/session.spec.ts +42 -0
package/api/tests/middlewares/hono/xss.spec.ts +81 -0
package/api/tests/models/tenant-backfill.spec.ts +287 -0
package/api/tests/models/tenant-columns-model.spec.ts +46 -0
package/api/tests/models/tenant-columns.spec.ts +161 -0
package/api/tests/queues/credit-consume-batch.spec.ts +8 -1
package/api/tests/queues/credit-consume.spec.ts +8 -1
package/api/tests/queues/event-tenant.spec.ts +236 -0
package/api/tests/queues/exchange-rate-health-tenant-d6.spec.ts +62 -0
package/api/tests/queues/queue-parity.spec.ts +249 -0
package/api/tests/queues/queue-runtime-surface.spec.ts +277 -0
package/api/tests/queues/queue-teardown-d2.spec.ts +127 -0
package/api/tests/queues/tenant-matrix-a.spec.ts +245 -0
package/api/tests/queues/tenant-matrix-b.spec.ts +168 -0
package/api/tests/routes/connect/hono-attach.spec.ts +107 -0
package/api/tests/service/collapse.spec.ts +96 -0
package/api/tests/store/tenant-crosscut.spec.ts +202 -0
package/api/tests/store/tenant-model-spike.spec.ts +177 -0
package/api/tests/store/tenant-model.spec.ts +162 -0
package/api/tests/store/tenant-residual.spec.ts +196 -0
package/api/third.d.ts +4 -0
package/blocklet.yml +1 -1
package/cloudflare/README.md +26 -6
package/cloudflare/build.ts +28 -13
package/cloudflare/did-connect-auth.ts +0 -217
package/cloudflare/migrations/0006_tenant_columns.sql +46 -0
package/cloudflare/migrations/0007_tenant_backfill_indexes.sql +65 -0
package/cloudflare/migrations/0008_schema_parity.sql +16 -0
package/cloudflare/migrations/0009_remove_did_space_jobs.sql +5 -0
package/cloudflare/queue-runtime-mode.ts +13 -0
package/cloudflare/run-build.js +10 -56
package/cloudflare/shims/blocklet-sdk/asset-host-transformer.ts +20 -0
package/cloudflare/shims/blocklet-sdk/config.ts +8 -1
package/cloudflare/shims/blocklet-sdk/login.ts +12 -0
package/cloudflare/shims/blocklet-sdk/service-api.ts +14 -0
package/cloudflare/shims/blocklet-sdk/session.ts +4 -2
package/cloudflare/shims/blocklet-sdk/util-constants.ts +8 -0
package/cloudflare/shims/blocklet-sdk/util-csrf.ts +13 -0
package/cloudflare/shims/blocklet-sdk/util-wallet.ts +8 -0
package/cloudflare/shims/cron.ts +38 -158
package/cloudflare/shims/events.ts +124 -0
package/cloudflare/shims/fastq.ts +15 -1
package/cloudflare/shims/nedb-storage.ts +16 -8
package/cloudflare/shims/xss.ts +8 -0
package/cloudflare/tenant-middleware.ts +36 -0
package/cloudflare/tests/tenant-middleware.spec.ts +160 -0
package/cloudflare/tests/worker-handler-gate.spec.ts +44 -0
package/cloudflare/worker.ts +204 -433
package/cloudflare/wrangler.local-e2e.jsonc +26 -0
package/jest.config.js +3 -1
package/package.json +33 -38
package/scripts/core-env-whitelist.json +1 -0
package/scripts/e2e-12b-runtime.ts +149 -0
package/scripts/e2e-core-config.ts +125 -0
package/scripts/e2e-d1-tenancy.ts +116 -0
package/scripts/e2e-d2-cron-queue.ts +139 -0
package/scripts/e2e-d3-embedded-multi.ts +171 -0
package/scripts/e2e-hono-s2.ts +125 -0
package/scripts/e2e-hono-s3e.ts +135 -0
package/scripts/e2e-hono-s4.ts +114 -0
package/scripts/e2e-migration-contract.ts +100 -0
package/scripts/e2e-s0.ts +61 -0
package/scripts/e2e-s1.ts +107 -0
package/scripts/e2e-s2.ts +178 -0
package/scripts/e2e-s3.ts +110 -0
package/scripts/e2e-s4.ts +191 -0
package/scripts/e2e-s5.ts +139 -0
package/scripts/e2e-s6.ts +127 -0
package/scripts/e2e-tenant-model.ts +119 -0
package/scripts/e2e-tenant-worker.ts +199 -0
package/scripts/gen-sql-migrations.js +46 -0
package/scripts/phase8-codemod.js +219 -0
package/scripts/phase9a-env-getters-codemod.js +82 -0
package/scripts/scan-core-env.js +109 -0
package/scripts/scan-tenant-queries.js +235 -0
package/scripts/schema-drift-guard.ts +210 -0
package/scripts/tenant-scan-whitelist.json +1 -0
package/src/env.d.ts +13 -1
package/tsconfig.json +1 -1
package/api/src/libs/did-space.ts +0 -235
package/api/src/libs/middleware.ts +0 -50
package/api/src/libs/security.ts +0 -192
package/api/src/queues/space.ts +0 -662
package/api/src/routes/credit-tokens.ts +0 -38
package/api/src/routes/exchange-rates.ts +0 -87
package/api/src/routes/index.ts +0 -142
package/api/src/routes/integrations/stripe.ts +0 -61
package/api/src/routes/meters.ts +0 -274
package/api/src/routes/passports.ts +0 -68
package/api/src/routes/redirect.ts +0 -20
package/api/src/routes/tool.ts +0 -65
package/api/src/routes/webhook-endpoints.ts +0 -126
package/api/tests/routes/credit-grants.spec.ts +0 -1261
package/cloudflare/shims/did-space-js.ts +0 -17
package/cloudflare/shims/did-space.ts +0 -11
package/cloudflare/shims/express-compat/index.ts +0 -80
package/cloudflare/shims/express-compat/types.ts +0 -41
package/cloudflare/shims/lock.ts +0 -115
package/cloudflare/shims/queue.ts +0 -611
package/cloudflare/tests/shims/queue-delayed-persist.spec.ts +0 -87
package/cloudflare/tests/shims/queue-scheduled.spec.ts +0 -186

package/api/src/routes/exchange-rates.ts DELETED Viewed

@@ -1,87 +0,0 @@
-import { Router } from 'express';
-import { getExchangeRateService } from '../libs/exchange-rate/service';
-import { getExchangeRateSymbol, hasTokenAddress } from '../libs/exchange-rate/token-address-mapping';
-import { authenticate } from '../libs/security';
-import { ChainType, PaymentCurrency, PaymentMethod } from '../store/models';
-const router = Router();
-const auth = authenticate({ component: true, roles: ['owner', 'admin'], ensureLogin: true });
-const exchangeRateService = getExchangeRateService();
-/**
- * Validate if exchange rate can be fetched for a currency
- * This is used during price creation/editing to validate the base currency
- */
-router.post('/validate', auth, async (req, res) => {
-  try {
-    const { currency: currencyId } = req.body;
-    if (!currencyId) {
-      return res.status(400).json({ error: 'currency is required' });
-    }
-    const paymentCurrency = (await PaymentCurrency.findByPk(currencyId, {
-      include: [
-        {
-          model: PaymentMethod,
-          as: 'payment_method',
-        },
-      ],
-    })) as PaymentCurrency & { payment_method: PaymentMethod };
-    if (!paymentCurrency) {
-      return res.status(400).json({ error: 'Currency not found' });
-    }
-    if (paymentCurrency.payment_method?.type === 'stripe') {
-      return res.status(400).json({
-        error: `Currency ${paymentCurrency.symbol} is not supported.`,
-        supported: false,
-      });
-    }
-    // Check if token has address mapping
-    if (!hasTokenAddress(paymentCurrency.symbol, paymentCurrency.payment_method?.type as ChainType)) {
-      return res.status(400).json({
-        error: `Currency ${paymentCurrency.symbol} is not supported.`,
-        supported: false,
-      });
-    }
-    // Try to fetch exchange rate
-    try {
-      const rateSymbol = getExchangeRateSymbol(
-        paymentCurrency.symbol,
-        paymentCurrency.payment_method?.type as ChainType
-      );
-      const rateResult = await exchangeRateService.getRate(rateSymbol);
-      // Return full rate info consistent with checkout-sessions exchange-rate endpoint
-      return res.json({
-        supported: true,
-        currency: paymentCurrency.symbol,
-        base_currency: 'USD',
-        rate: rateResult.rate,
-        timestamp_ms: rateResult.timestamp_ms,
-        fetched_at: rateResult.fetched_at,
-        provider_id: rateResult.provider_id,
-        provider_name: rateResult.provider_name,
-        provider_display: rateResult.provider_display,
-        providers: rateResult.providers,
-        consensus_method: rateResult.consensus_method,
-        degraded: rateResult.degraded,
-        degraded_reason: rateResult.degraded_reason,
-      });
-    } catch (error: any) {
-      return res.status(400).json({
-        error: `Failed to fetch exchange rate for ${paymentCurrency.symbol}: ${error.message}`,
-        supported: false,
-      });
-    }
-  } catch (error: any) {
-    return res.status(400).json({ error: error.message });
-  }
-});
-export default router;

package/api/src/routes/index.ts DELETED Viewed

@@ -1,142 +0,0 @@
-import { Router } from 'express';
-import { PaymentCurrency } from '../store/models/payment-currency';
-import autoRechargeConfigs from './auto-recharge-configs';
-import checkoutSessions from './checkout-sessions';
-import coupons from './coupons';
-import creditGrants from './credit-grants';
-import creditTokens from './credit-tokens';
-import creditTransactions from './credit-transactions';
-import customers from './customers';
-import donations from './donations';
-import events from './events';
-import entitlements from './entitlements';
-import appStore from './integrations/app-store';
-import googlePlay from './integrations/google-play';
-import stripe from './integrations/stripe';
-import invoices from './invoices';
-import meterEvents from './meter-events';
-import taxRates from './tax-rates';
-import meters from './meters';
-import passports from './passports';
-import paymentCurrencies from './payment-currencies';
-import paymentIntents from './payment-intents';
-import paymentLinks from './payment-links';
-import paymentMethods from './payment-methods';
-import paymentStats from './payment-stats';
-import payouts from './payouts';
-import prices from './prices';
-import pricingTables from './pricing-table';
-import products from './products';
-import promotionCodes from './promotion-codes';
-import redirect from './redirect';
-import refunds from './refunds';
-import exchangeRateProviders from './exchange-rate-providers';
-import exchangeRates from './exchange-rates';
-import settings from './settings';
-import subscriptionItems from './subscription-items';
-import subscriptions from './subscriptions';
-import usageRecords from './usage-records';
-import webhookAttempts from './webhook-attempts';
-import webhookEndpoints from './webhook-endpoints';
-import vendor from './vendor';
-import tool from './tool';
-import archive from './archive';
-const router = Router();
-router.use((req, _, next) => {
-  if (req.query.livemode) {
-    try {
-      req.livemode = !!JSON.parse(String(req.query.livemode));
-    } catch {
-      req.livemode = true;
-    }
-  } else if (typeof req.livemode !== 'boolean') {
-    // CF Workers' createExpressReq pre-populates req.livemode from the worker's
-    // PAYMENT_LIVEMODE env var; honor that when set. Express dev has no
-    // upstream, so we fall back to the env var ourselves — defaulting to
-    // livemode=true unless explicitly disabled via PAYMENT_LIVEMODE=false.
-    req.livemode = process.env.PAYMENT_LIVEMODE !== 'false';
-  }
-  next();
-});
-// Lazy-load base currency with TTL cache to avoid DB query on every request
-const baseCurrencyCache = new Map<string, { data: any; expires: number }>();
-const BASE_CURRENCY_TTL = 5 * 60_000; // 5 minutes (invalidated on model update)
-// Lazily register hooks after models are initialized (avoid top-level addHook before Sequelize init)
-let baseCurrencyHooksRegistered = false;
-function ensureBaseCurrencyHooks() {
-  if (baseCurrencyHooksRegistered) return;
-  baseCurrencyHooksRegistered = true;
-  PaymentCurrency.addHook('afterUpdate', 'invalidateBaseCurrencyCache', () => {
-    baseCurrencyCache.clear();
-  });
-  PaymentCurrency.addHook('afterDestroy', 'invalidateBaseCurrencyCacheOnDelete', () => {
-    baseCurrencyCache.clear();
-  });
-}
-// Base currency middleware — only needed by routes that use req.currency
-// (checkout-sessions, donations, payment-links, prices, products)
-const loadBaseCurrency = async (req: any, _: any, next: any) => {
-  ensureBaseCurrencyHooks();
-  const key = `base_${req.livemode}`;
-  const cached = baseCurrencyCache.get(key);
-  if (cached && cached.expires > Date.now()) {
-    req.baseCurrency = cached.data;
-  } else {
-    req.baseCurrency = await PaymentCurrency.findOne({ where: { is_base_currency: true, livemode: req.livemode } });
-    if (req.baseCurrency) {
-      baseCurrencyCache.set(key, { data: req.baseCurrency, expires: Date.now() + BASE_CURRENCY_TTL });
-    }
-  }
-  next();
-};
-router.use('/auto-recharge-configs', autoRechargeConfigs);
-router.use('/checkout-sessions', loadBaseCurrency, checkoutSessions);
-router.use('/coupons', coupons);
-router.use('/credit-grants', creditGrants);
-router.use('/credit-tokens', creditTokens);
-router.use('/credit-transactions', creditTransactions);
-router.use('/customers', customers);
-router.use('/donations', loadBaseCurrency, donations);
-router.use('/events', events);
-router.use('/invoices', invoices);
-router.use('/integrations/stripe', stripe);
-router.use('/integrations/google-play', googlePlay);
-router.use('/integrations/app-store', appStore);
-router.use('/entitlements', entitlements);
-router.use('/meter-events', meterEvents);
-router.use('/meters', meters);
-router.use('/passports', passports);
-router.use('/payment-intents', paymentIntents);
-router.use('/payment-links', loadBaseCurrency, paymentLinks);
-router.use('/payment-methods', paymentMethods);
-router.use('/payment-currencies', paymentCurrencies);
-router.use('/payment-stats', paymentStats);
-router.use('/prices', loadBaseCurrency, prices);
-router.use('/pricing-tables', pricingTables);
-router.use('/tax-rates', taxRates);
-router.use('/products', loadBaseCurrency, products);
-router.use('/promotion-codes', promotionCodes);
-router.use('/exchange-rate-providers', exchangeRateProviders);
-router.use('/exchange-rates', exchangeRates);
-router.use('/payouts', payouts);
-router.use('/redirect', redirect);
-router.use('/refunds', refunds);
-router.use('/settings', settings);
-router.use('/subscription-items', subscriptionItems);
-router.use('/subscriptions', subscriptions);
-router.use('/usage-records', usageRecords);
-router.use('/webhook-attempts', webhookAttempts);
-router.use('/webhook-endpoints', webhookEndpoints);
-router.use('/vendors', vendor);
-router.use('/tool', tool);
-router.use('/archive', archive);
-export default router;

package/api/src/routes/integrations/stripe.ts DELETED Viewed

@@ -1,61 +0,0 @@
-import { env } from '@blocklet/sdk/lib/env';
-import express, { NextFunction, Request, Response, Router } from 'express';
-import get from 'lodash/get';
-import handleStripeEvent from '../../integrations/stripe/handlers';
-import logger from '../../libs/logger';
-import { STRIPE_EVENTS } from '../../libs/util';
-import { PaymentMethod } from '../../store/models';
-const router = Router();
-const verifyWebhookSig = async (req: Request, res: Response, next: NextFunction) => {
-  try {
-    const signature = req.get('stripe-signature');
-    if (!signature) {
-      return res.status(400).json({ error: 'No stripe webhook signature found' });
-    }
-    const json = JSON.parse(req.body.toString('utf8'));
-    const method = await PaymentMethod.findOne({ where: { type: 'stripe', livemode: json.livemode } });
-    if (!method) {
-      return res.status(400).json({ error: 'No stripe payment method found' });
-    }
-    const stripe = method.getStripeClient();
-    const settings = PaymentMethod.decryptSettings(method.settings);
-    const secret = process.env.STRIPE_WEBHOOK_SECRET || settings.stripe?.webhook_signing_secret;
-    req.stripeEvent = stripe.webhooks.constructEvent(req.body, signature, secret as string);
-    req.stripeClient = stripe;
-    return next();
-  } catch (err) {
-    logger.error('verify signature error', { error: err });
-    return res.status(400).json({ error: err.message });
-  }
-};
-const handleEvent = async (req: Request, res: Response) => {
-  const { stripeEvent, stripeClient } = req;
-  if (STRIPE_EVENTS.includes(stripeEvent.type) === false) {
-    logger.debug('webhook event not interested', { id: stripeEvent.id, type: stripeEvent.type });
-    return res.json({ skipped: true });
-  }
-  // only events from this app should be processed
-  const appPid = get(stripeEvent, 'data.object.metadata.appPid');
-  if (appPid && appPid !== env.appPid) {
-    logger.debug('webhook event for other app', { id: stripeEvent.id, type: stripeEvent.type });
-    return res.json({ skipped: true });
-  }
-  logger.debug('webhook received event', { id: stripeEvent.id, type: stripeEvent.type });
-  await handleStripeEvent(stripeEvent, stripeClient);
-  return res.json({ received: true });
-};
-router.post('/webhook', express.raw({ type: 'application/json' }), verifyWebhookSig, handleEvent);
-export default router;

package/api/src/routes/meters.ts DELETED Viewed

@@ -1,274 +0,0 @@
-import { Router } from 'express';
-import Joi from 'joi';
-import pick from 'lodash/pick';
-import { Op } from 'sequelize';
-import { createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
-import logger from '../libs/logger';
-import { authenticate } from '../libs/security';
-import { formatMetadata } from '../libs/util';
-import { Meter, PaymentCurrency, PaymentMethod } from '../store/models';
-const router = Router();
-const auth = authenticate<Meter>({ component: true, roles: ['owner', 'admin'] });
-const meterSchema = Joi.object({
-  name: Joi.string().max(64).required(),
-  event_name: Joi.string().max(64).required(),
-  aggregation_method: Joi.string().valid('sum', 'count', 'last').default('sum'),
-  unit: Joi.string().max(32).required(),
-  currency_id: Joi.string().max(40).optional(),
-  decimal: Joi.number().integer().min(2).max(18).default(10),
-  description: Joi.string().max(255).allow('').optional(),
-  metadata: MetadataSchema,
-  component_did: Joi.string().max(40).optional(),
-  token: Joi.object({
-    tokenFactoryAddress: Joi.string().required(),
-  }).optional(),
-}).unknown(true);
-const updateMeterSchema = Joi.object({
-  name: Joi.string().max(64).optional(),
-  description: Joi.string().max(255).allow('').optional(),
-  status: Joi.string().valid('active', 'inactive').optional(),
-});
-const listSchema = createListParamSchema<{ event_name?: string }>({
-  event_name: Joi.string().empty(''),
-});
-router.get('/', auth, async (req, res) => {
-  try {
-    const { page, pageSize, ...query } = await listSchema.validateAsync(req.query, { stripUnknown: true });
-    const where = getWhereFromKvQuery(query.q);
-    if (typeof query.livemode === 'boolean') {
-      where.livemode = query.livemode;
-    }
-    if (query.event_name) {
-      where.event_name = query.event_name;
-    }
-    const { rows: list, count } = await Meter.findAndCountAll({
-      where,
-      order: getOrder(query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
-      offset: (page - 1) * pageSize,
-      limit: pageSize,
-      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
-    });
-    res.json({ count, list, paging: { page, pageSize } });
-  } catch (err) {
-    logger.error('Error listing meters', err);
-    res.status(400).json({ error: err?.message });
-  }
-});
-router.post('/', auth, async (req, res) => {
-  try {
-    const { error } = meterSchema.validate(req.body);
-    if (error) {
-      return res.status(400).json({ error: `Meter create request invalid: ${error.message}` });
-    }
-    const existing = await Meter.findOne({
-      where: { event_name: req.body.event_name },
-    });
-    if (existing) {
-      return res.status(409).json({ error: `Meter with event_name "${req.body.event_name}" already exists` });
-    }
-    if (['count', 'last'].includes(req.body.aggregation_method)) {
-      return res.status(400).json({ error: 'Aggregation method is not supported' });
-    }
-    const needArcblockMethod = req.body.token?.tokenFactoryAddress || !req.body.currency_id;
-    const arcblockMethod = needArcblockMethod
-      ? await PaymentMethod.findOne({ where: { livemode: !!req.livemode, type: 'arcblock' } })
-      : null;
-    if (needArcblockMethod && !arcblockMethod) {
-      throw new Error('ArcBlock payment method not found');
-    }
-    let tokenConfig: Record<string, any> | undefined;
-    if (req.body.token?.tokenFactoryAddress) {
-      const client = arcblockMethod!.getOcapClient();
-      const { state: tokenFactoryState } = await client.getTokenFactoryState({
-        address: req.body.token.tokenFactoryAddress,
-      });
-      if (!tokenFactoryState) {
-        return res.status(400).json({ error: 'Token factory not found on chain' });
-      }
-      tokenConfig = {
-        address: tokenFactoryState.token.address,
-        symbol: tokenFactoryState.token.symbol,
-        name: tokenFactoryState.token.name,
-        decimal: tokenFactoryState.token.decimal,
-        token_factory_address: tokenFactoryState.address,
-      };
-    }
-    const meterData = {
-      ...pick(req.body, ['name', 'event_name', 'aggregation_method', 'unit', 'currency_id', 'description', 'metadata']),
-      livemode: !!req.livemode,
-      created_via: req.user?.via || 'api',
-      status: req.body.status || 'active',
-      metadata: formatMetadata(req.body.metadata),
-    };
-    if (!meterData.currency_id) {
-      const paymentCurrency = await PaymentCurrency.createForMeter(meterData, arcblockMethod!.id, tokenConfig, {
-        decimal: req.body.decimal,
-      });
-      meterData.currency_id = paymentCurrency.id;
-    }
-    const meter = await Meter.create(meterData);
-    const result = await Meter.findByPk(meter.id, {
-      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
-    });
-    logger.info('Meter created', { meterId: meter.id, eventName: meter.event_name });
-    return res.json(result);
-  } catch (err) {
-    logger.error('create meter failed', { error: err?.message, request: req.body });
-    return res.status(400).json({ error: err?.message });
-  }
-});
-// Public endpoint: only returns safe fields, no auth required
-const PUBLIC_METER_FIELDS = ['id', 'name', 'event_name', 'status', 'unit', 'description', 'currency_id'] as const;
-router.get('/public/:id', async (req, res) => {
-  try {
-    const meter = await Meter.findOne({
-      where: {
-        [Op.or]: [{ id: req.params.id }, { event_name: req.params.id }],
-      },
-      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
-    });
-    if (!meter) {
-      return res.status(404).json({ error: 'Meter not found' });
-    }
-    return res.json({
-      ...pick(meter.toJSON(), PUBLIC_METER_FIELDS),
-      paymentCurrency: (meter as any).paymentCurrency
-        ? pick((meter as any).paymentCurrency.toJSON(), ['id', 'name', 'symbol', 'decimal', 'logo', 'type'])
-        : null,
-    });
-  } catch (err) {
-    logger.error('get public meter failed', { error: err?.message, meterId: req.params.id });
-    return res.status(400).json({ error: err?.message });
-  }
-});
-router.get('/:id', auth, async (req, res) => {
-  try {
-    const meter = await Meter.findOne({
-      where: {
-        [Op.or]: [{ id: req.params.id }, { event_name: req.params.id }],
-      },
-      include: [{ model: PaymentCurrency.scope('withRechargeConfig'), as: 'paymentCurrency' }],
-    });
-    if (!meter) {
-      return res.status(404).json({ error: 'Meter not found' });
-    }
-    return res.json(meter);
-  } catch (err) {
-    logger.error('get meter failed', { error: err?.message, meterId: req.params.id });
-    return res.status(400).json({ error: err?.message });
-  }
-});
-router.put('/:id', auth, async (req, res) => {
-  try {
-    const { error } = updateMeterSchema.validate(pick(req.body, ['name', 'description', 'status']));
-    if (error) {
-      return res.status(400).json({ error: `Meter update request invalid: ${error.message}` });
-    }
-    const meter = await Meter.findByPk(req.params.id, {
-      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
-    });
-    if (!meter) {
-      return res.status(404).json({ error: 'Meter not found' });
-    }
-    const updateData: any = {
-      ...pick(req.body, ['name', 'description', 'status']),
-      unit: req.body.unit || meter.unit,
-      updated_by: req.user?.did,
-    };
-    if (req.body.metadata) {
-      const { error: metadataError } = MetadataSchema.validate(req.body.metadata);
-      if (metadataError) {
-        return res.status(400).json({ error: `metadata invalid: ${metadataError.message}` });
-      }
-      updateData.metadata = formatMetadata(req.body.metadata);
-    }
-    await meter.update(updateData);
-    return res.json(meter);
-  } catch (err) {
-    logger.error('update meter failed', { error: err?.message, meterId: req.params.id });
-    return res.status(400).json({ error: err?.message });
-  }
-});
-router.put('/:id/activate', auth, async (req, res) => {
-  try {
-    const meter = await Meter.findByPk(req.params.id, {
-      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
-    });
-    if (!meter) {
-      return res.status(404).json({ error: 'Meter not found' });
-    }
-    if (meter.status === 'active') {
-      return res.status(400).json({ error: 'Meter is already active' });
-    }
-    await meter.update({
-      status: 'active',
-      updated_by: req.user?.did,
-    });
-    return res.json(meter);
-  } catch (err) {
-    logger.error('activate meter failed', { error: err?.message, meterId: req.params.id });
-    return res.status(400).json({ error: err?.message });
-  }
-});
-router.put('/:id/deactivate', auth, async (req, res) => {
-  try {
-    const meter = await Meter.findByPk(req.params.id, {
-      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
-    });
-    if (!meter) {
-      return res.status(404).json({ error: 'Meter not found' });
-    }
-    if (meter.status === 'inactive') {
-      return res.status(400).json({ error: 'Meter is already inactive' });
-    }
-    await meter.update({
-      status: 'inactive',
-      updated_by: req.user?.did,
-    });
-    return res.json(meter);
-  } catch (err) {
-    logger.error('deactivate meter failed', { error: err?.message, meterId: req.params.id });
-    return res.status(400).json({ error: err?.message });
-  }
-});
-export default router;

package/api/src/routes/passports.ts DELETED Viewed

@@ -1,68 +0,0 @@
-import { Router } from 'express';
-import { updatePassportExtra } from '../integrations/blocklet/passport';
-import { blocklet } from '../libs/auth';
-import { authenticate } from '../libs/security';
-import { PaymentLink, PricingTable, Product } from '../store/models';
-const router = Router();
-const auth = authenticate<any>({ component: false, roles: ['owner', 'admin'] });
-router.get('/', auth, async (_, res) => {
-  const result = await blocklet.getRoles();
-  res.json(result.roles);
-});
-router.put('/assign', auth, async (req, res) => {
-  const { name, id } = req.body;
-  if (!id) {
-    return res.status(400).json({ message: 'payment entry or product id is required' });
-  }
-  if (!name) {
-    return res.status(400).json({ message: 'passport name is required' });
-  }
-  if (id.startsWith('plink_')) {
-    const doc = await PaymentLink.findByPk(id);
-    if (!doc?.active) {
-      return res.status(400).json({ message: 'payment link is not active' });
-    }
-    const result = await updatePassportExtra(name, { acquire: { pay: id } });
-    return res.json(result);
-  }
-  if (id.startsWith('prctbl_')) {
-    const doc = await PricingTable.findByPk(id);
-    if (!doc?.active) {
-      return res.status(400).json({ message: 'pricing table is not active' });
-    }
-    const result = await updatePassportExtra(name, { acquire: { pay: id } });
-    return res.json(result);
-  }
-  if (id.startsWith('prod_')) {
-    const doc = await Product.findByPk(id);
-    if (!doc?.active) {
-      return res.status(400).json({ message: 'product is not active' });
-    }
-    await doc.update({ metadata: { ...doc.metadata, passport: name } });
-    const result = await updatePassportExtra(name, { payment: { product: id } });
-    return res.json(result);
-  }
-  return res.status(400).json({ message: 'pay link is not support' });
-});
-router.delete('/assign/:name', auth, async (req, res) => {
-  const result = await updatePassportExtra(req.params.name as string, {
-    payment: { product: '' },
-    acquire: { pay: '' },
-  });
-  return res.json(result);
-});
-export default router;

package/api/src/routes/redirect.ts DELETED Viewed

@@ -1,20 +0,0 @@
-import qs from 'querystring';
-import { getUrl } from '@blocklet/sdk/lib/component';
-import { Router } from 'express';
-const router = Router();
-router.get('/checkout/:entryId', (req, res) => {
-  const { entryId } = req.params;
-  if (entryId.startsWith('plink_')) {
-    return res.redirect(getUrl(`/checkout/pay/${entryId}?${qs.stringify(req.query as any)}`));
-  }
-  if (entryId.startsWith('prctbl_')) {
-    return res.redirect(getUrl(`/checkout/pricing-table/${entryId}?${qs.stringify(req.query as any)}`));
-  }
-  return res.redirect(getUrl('/'));
-});
-export default router;